Last updated on April 18, 2024

 

What is Piggybacking?

Piggybacking means sneaking past security measures by using an authorized person’s permission or access. It’s a huge problem for both physical and online security. Organizations and the general public need to know about it so they can protect themselves better.

Steps involved in piggybacking attacks

1. Physical access: By blending in with staff or visitors, the attacker gets into the building or place where the target organization is.
2. Observing authentication: The attacker watches someone who is allowed to log in to a restricted system, like seeing someone type in their password on a computer.
3. Mimicking credentials: The attacker gets the login details by watching over the shoulder, using cameras, keyloggers, or other spying tools.
4. Accessing the system: With the stolen login details, the attacker can log into the restricted system, see confidential information, and install malicious software there.
5. Covering tracks: To avoid getting caught early, attackers might use tricks like deleting access records and changing system files to hide what they did.
6. Maintaining access: Sometimes, the attacker might even set up backdoors (secret entrances) or make new user accounts to maintain long-term access.

Common examples of piggybacking

• Unprotected businesses: Many small businesses don’t put passwords on their Wi-Fi networks, so people can use them without asking.
• Publicly available passwords: Some places like coffee shops display the Wi-Fi passwords for everyone to see. That means anyone nearby can use the Wi-Fi, even after they leave the coffee shop.
• Personal hotspots: When people use their phones as personal hotspots, they usually don’t put passwords on the network. That means anyone nearby can connect to the unprotected network and use the internet.
• Home routers: Many people use default or easy-to-guess passwords on their home routers. These passwords can be easily cracked by hacking tools. Someone nearby, like a piggybacker, can then access and use the homeowner’s internet without them knowing.

How to prevent piggybacking attacks

Here are some useful tips for organizations and individuals to defend against unauthorized access:

• Make long, complex Wi-Fi passwords.
• Keep your Wi-Fi passwords secret.
• Use a password manager.
• Regularly check the list of connected devices on your router’s admin page.
• Remove any devices that you didn’t authorize.
• Educate employees about piggybacking attacks.
• Use physical security like cameras.
• Have security rules for the whole organization.
• Conduct regular security audits.
• Stay alert to what is around you.
• Be careful with door access in secret areas.
• Make sure people are who they say they are.
• Tell relevant officials if you see something strange or suspicious.
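The tips above about checking the router's connected-device list and removing unauthorized devices can be automated. The following is an added example, not part of the original article: it assumes the router can export its DHCP leases in dnsmasq lease format, and the lease lines, the allowlist and all function names are constructed for illustration.

```python
import re

# Constructed sample in dnsmasq lease format: expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1713460000 3c:22:fb:10:20:30 192.168.1.10 office-laptop 01:3c:22:fb:10:20:30
1713460500 A4-83-E7-AA-BB-CC 192.168.1.11 printer *
1713461000 de:ad:be:ef:00:01 192.168.1.57 * *
1713461200 00:1a:2b:3c:4d:5e 192.168.1.58 unknown-pc *
not a lease line
"""

# Constructed allowlist of devices the owner has authorized (any MAC spelling).
AUTHORIZED = {"3C:22:FB:10:20:30", "a4:83:e7:aa:bb:cc"}

def normalize_mac(text):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True when the locally administered bit is set (private/random MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line; skip the rest."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        mac = normalize_mac(fields[1])
        if mac:
            yield mac, fields[2], fields[3]

def find_unauthorized(lease_text, authorized):
    """Return every leased device whose MAC is not on the allowlist."""
    allowed = {normalize_mac(m) for m in authorized}
    return [
        {"mac": mac, "ip": ip, "hostname": host, "randomized": is_randomized(mac)}
        for mac, ip, host in parse_leases(lease_text)
        if mac not in allowed
    ]

if __name__ == "__main__":
    for d in find_unauthorized(SAMPLE_LEASES, AUTHORIZED):
        note = " (randomized MAC, identify manually)" if d["randomized"] else ""
        print(f"UNAUTHORIZED {d['mac']} {d['ip']} {d['hostname']}{note}")
```

Phones and laptops that use private (randomized) MAC addresses will appear as unknown even when they belong to an authorized user, so the `randomized` flag marks entries to confirm by hand before removing them.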
